Ask Dan Kuykendall - The man behind podPress, phpGroupware, qmail & podCastAlley!

[The_Big_K]

CEans!

CrazyEngineers is proud to have Dan Kuykendall (Director Of Engineering, NTObjectives Inc., USA) – the man behind Mighty Seek Podcast, podPress, project - phpGroupWare, rpmBuilder, Qmail & podcastAlley!

Few days ago, we grilled Dan about his work on podPress, phpGroupware, rpmBuilder. Now its your time. We are lucky that Dan agreed to answer our questions. Dan is a CEan with id ' seek3r '

So charge up your curious brains & shoot your questions directly at Dan! Get started!

-The Big K-

[crook]

Hello Mr. Dan! How were you involved in qmail & how is qmail different from sendmail?

Thanks.

[xheavenlyx]

Hello Dan!

I have seen the recent rise of podcast and I am really impressed by the amazing potential it has. Considering that now it can be easily added to blogs with the wonderful plugin of yours!

Keeping this in mind; how do you picture the future of video and audio podcasting. What new code/hardware development will we be seeing? And how further can we go with it. Is there a point of saturation, if yes where?

You know, I was really inspired by the plugin and just realized that blogging community is one of the strongest forces of influences and information. Strengthening it with more advance features will make the flow of thoughts easer and widespread. I hope to see so much more from your arsenal!

Have a great day!
Regards.

[seek3r]

Quote:

Originally Posted by crook

Hello Mr. Dan! How were you involved in qmail & how is qmail different from sendmail?

Im certainly not "the man behind qmail", that would be Dan Bernstein. My involvement was mostly around documenting how to use it, which was done thru my contributions to the Linux HOWTO project. Qmail is much like sendmail, in that it is a MTA (mail transport agent) which performs the duties of an SMTP server, and includes a POP3 server as well. The way qmail is different than sendmail is in the security design. Sendmail was the original, and it wasnt initially designed with security in mind. It is one huge app that does all the work it needs, and for many years was one of the biggest security holes installed on an internet server. On the other hand, qmail was designed with security in mind from the start. It is created by way of several small apps/utils that do a small set of functions, and each app has little or no trust in the others. So at each step along the way there is redundant validation to protect from things like buffer overflows. All in all, qmail is a far more secure email server solution, but it also has problems. The problems are all around usability. It is not very easy to install, and due to the licensing, its hard for outsiders to add or improve the functionality. More details can be found at http://www.qmail.org but I hope this gives you an answer that will get you started

[Jerry]

Wow! I've few questions too.

Quote:

CE: Is it true that you get paid to hack?

Dan: It is. My job with NT OBJECTives (http://www.ntobjectives.com) is to research the latest ideas and techniques for hacking web apps, and then to manage a development team to automate these attacks into our scanner.

You have mentioned about cross scripting on your website. I am not a computer engineer but I want to know about this technique. Is it similar to phishing?

Also, what are the new features that you are working on for podpress?

[seek3r]

Quote:

Originally Posted by xheavenlyx

I have seen the recent rise of podcast and I am really impressed by the amazing potential it has. Considering that now it can be easily added to blogs with the wonderful plugin of yours!

Ive been a real fan of podcasting as soon as I found a couple decent and interesting ones. As a geek, there is tons of nitch content that would never get out to mainstream media.
When I started my own podcast the tools just didnt do what I wanted, so the plugin began

Quote:

Originally Posted by xheavenlyx

Keeping this in mind; how do you picture the future of video and audio podcasting. What new code/hardware development will we be seeing? And how further can we go with it. Is there a point of saturation, if yes where?

I dotn see a limit at this point. In the future I see audio and maybe video podcast content being subscribed to and consumed by cell phones, video podcasts subscriptions in TIVO type system. I even can envision a point where a system like netflix new downloadable content can be subscribed to and consumed via podcasting technologies.

Quote:

Originally Posted by xheavenlyx

You know, I was really inspired by the plugin and just realized that blogging community is one of the strongest forces of influences and information. Strengthening it with more advance features will make the flow of thoughts easer and widespread. I hope to see so much more from your arsenal!

Thank you. I agree, the blogging community is becoming a HUGE force of content, innovation and informat distribution. Im proud to be part of it.

[seek3r]

Quote:

Originally Posted by Jerry

Wow! I've few questions too.
You have mentioned about cross scripting on your website. I am not a computer engineer but I want to know about this technique. Is it similar to phishing?

Phishing isnt a single attack technique. Phishing is the act of trying to get someone to a site under false pretenses. So like a fake paypal email, where the link is going to another site that may be setup to look like paypal.com but instead is their site which is trying to steal information from you (like your password.

So, phishing attacks often use XSS to accomplish their goal of getting the user to the website they want under false pretenses.

Quote:

Originally Posted by Jerry

Also, what are the new features that you are working on for podpress?

Lots of improvements with presentation control are in the works. Im also focusing more on the pay-subscription support and will probably add support for show notes in the near future.

[seek3r]

Quote:

Originally Posted by Jerry

You have mentioned about cross scripting on your website. I am not a computer engineer but I want to know about this technique.

oops, I didnt answer what XSS is. Many websites take input from a user that will later be displayed to other people. This forum is an example. Now imagine if I were to put in some HTML into my post, and the forum software didnt filter it. I could insert some javascript code that woud send your sessionid (cookie data) to my website, for example. Then I can come back on here as you and ruin your reputation. I could have the javascript redirect you off to some porn site, or whatever I want.


On a site like this, the bad isnt so terrible, but imagine this on amazon, or your bank website. If on amazon, I could then order a bunch of stuff, and send it as a gift to some p.o. box I open up.

So web apps need to filter/escape any inputs they take from users that will later be displayed to other users. There are other types of attacks that web apps need to defend against, but XSS is an important one that isnt being handled peroperly more often than we would like to think about.

To learn more, listen to my podcast about the subject at http://www.mightyseek.com/podcasts/hands-on-series-cross-site-scripting-xss-part-1

[crook]

Quote:

Originally Posted by seek3r

Im certainly not "the man behind qmail", that would be Dan Bernstein. My involvement was mostly around documenting how to use it, which was done thru my contributions to the Linux HOWTO project. Qmail is much like sendmail, in that it is a MTA (mail transport agent) which performs the duties of an SMTP server, and includes a POP3 server as well. The way qmail is different than sendmail is in the security design. Sendmail was the original, and it wasnt initially designed with security in mind. It is one huge app that does all the work it needs, and for many years was one of the biggest security holes installed on an internet server. On the other hand, qmail was designed with security in mind from the start. It is created by way of several small apps/utils that do a small set of functions, and each app has little or no trust in the others. So at each step along the way there is redundant validation to protect from things like buffer overflows. All in all, qmail is a far more secure email server solution, but it also has problems. The problems are all around usability. It is not very easy to install, and due to the licensing, its hard for outsiders to add or improve the functionality. More details can be found at http://www.qmail.org but I hope this gives you an answer that will get you started

Thank you for quickly replying to my question. I have few more questions . I really liked the podpress plugin but it is only avaialble for wordpress. Are you planning to add support for other blogging tools such as yahoo360 or movabletype?

[seek3r]

Quote:

Originally Posted by crook

Thank you for quickly replying to my question. I have few more questions . I really liked the podpress plugin but it is only avaialble for wordpress. Are you planning to add support for other blogging tools such as yahoo360 or movabletype?

No plans at this time to port it to any other blogging platform. It would be portable, but would require quite a bit of work because it is very specifically designed for the wordpress environment.